CVE Catalog

CVE-2026-54555

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A vulnerability in rtk (versions before 0.42.2) allowed bypassing the permission control mechanism by hiding a second command within Bash shell constructs that were not properly split or rejected. A command starting with an allowed prefix (e.g., 'git') could contain a hidden command that executed without required user authorization.

Risk Assessment

An attacker can execute unauthorized commands on the system, bypassing security policies and user confirmation mechanisms. This poses a serious risk of privilege escalation and uncontrolled access to system resources.

Recommendation

Immediately update rtk to version 0.42.2 or later, which includes a fix that properly splits and rejects dangerous Bash shell constructs.

Original NVD description (English source)

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an allowed prefix such as git could hide a second command behind one of these constructs. rtk rewrite returned exit code 0, causing the Claude hook to emit permissionDecision: "allow". The rewritten command still contained the hidden command, so it ran without the user confirmation or denial that the permission rules were intended to enforce. This vulnerability is fixed in 0.42.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS